World of Tanks is running a change your password event in which they reward every account which changes its password to something more secure with 300 gold, their real-money currency. That idea is brilliant on so many levels, you have to wonder why nobody ever thought of it.

Honestly it looks like "our password database was compromised and we need to have players change their passwords or we'll spend ages answering the phone calls of hacked people, 300g is cheaper than that, so full steam ahead!".And it'll not solve people picking crappy passwords or reusing them on all the WoT websites.

I suppose it is one way of getting players to create of more secure password but honestly I don't think it is the best solution.

I still think the most secure solution is to employ authenticators. I always wondered why WoW doesn't offer more inducements to use authenticators.

Personally if I were them I would sell the Authenticator as "account insurance" but including some additional bonus such as a mount or some kind of XP boost item (perhaps with a monthly cooldown so you can use it more than once).

The "insurance" element should be that if you buy an authenticator and your account gets hacked, Blizzard would guarantee to recover all your lost items. If you also ban all trading when not using an authenticator I suspect you will practically kill gold selling over night.

The key point though would be that those not using an authenticator would never get their stolen gold/items recovered if they got hacked. That would be an anti-inflationary measure that even Maggie Thatcher would be proud of.

The other option is the one we use at work where the system automatically forces you to reset your password every couple of months and it gives you a choice of three passwords consisting of random letters. Problem with this option is that I know from working in IT support that I have to reset a lot of passwords due to users forgetting them...

Still I don't believe passwords are ever secure because you cannot guarantee the users machine is free of keyloggers and you can't guarantee that they won't use the password on other sites.

Whilst "only" 99.9999% secure I think authenticators are the way to go. I know my bank HSBC agree with me! I suspect that the few getting hacked with authenticators are those that were account sharing with room mates etc. In which case ban them anyway!

What is the brilliant part? Offering an inducement or making the inducement specifically in-game currency?

The latter might be a first but surely this isn't the first time players have been offered benefits to their characters for changing passwords - I seem to remember getting Achievements and/or titles for doing this in several MMOs, EQ2 and Rift among them.

If you're saying giving in-game currency is the brilliant new idea, why is that?

If you're saying giving in-game currency is the brilliant new idea, why is that?

A large number of Free2Play customers do exactly that, play for free, and never use real-money currency. Handing out a "free sample" of that currency can show them the advantages, and thus lead to further sales. And it doesn't really "cost" anything!

So they want people to change password -- and hence offering the gold if your new password is 'strong'.

Nice idea, but it would've been better if they hadn't gotten compromised in the first place :P

Actually, on that subject -- I think they are way too coy about the whole 'compromise' thing -- they ought've been more "in your face" about the fact so that you know that you *need* to change password.

Note that there is one HUGE difference between a MMORPG account being hacked and a WoT account being hacked: World of Tanks has absolutely no way to transfer tanks or gold from one account to another. Thus there is no black market for tanks or gold which would encourage thieves to hack your account to sell your stuff.

It's pretty cool what they did. I would have changed my password anyway, as soon as I found out about the breach, but the gold was just icing on the cake. Hey maybe they should have "password change events" several times a year, with gold bribes.

It wouldn't be a bad idea if they offered optional two factor authentication though.

On the other hand, like someone already mentioned, I'd guess that people would have less motivation to hack WoT accounts since you can't transfer tanks, gold or silver.

If they need their users to change passwords, they need to tell their users to change passwords.

More secure passwords may do more harm than good IMO. People don't remember them so they write them down. Forced use of authenticators is absurd also. Who wants to be clicking a different stupid expensive dongle to log into every game they play?